| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2023-6139 | 8 Jan 202420:27 | – | circl | |
| WordPress Plugin Essential Real Estate Security Vulnerability | 8 Jan 202400:00 | – | cnnvd | |
| CVE-2023-6139 Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update | 8 Jan 202419:00 | – | cvelist | |
| EUVD-2023-58393 | 3 Oct 202520:07 | – | euvd | |
| CVE-2023-6139 | 8 Jan 202419:15 | – | nvd | |
| CVE-2023-6139 | 8 Jan 202419:15 | – | osv | |
| Design/Logic Flaw | 8 Jan 202419:15 | – | prion | |
| PT-2024-14886 · WordPress · Essential Real Estate | 8 Jan 202400:00 | – | ptsecurity | |
| CVE-2023-6139 | 23 May 202504:57 | – | redhatcve | |
| CVE-2023-6139 Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update | 8 Jan 202419:00 | – | vulnrichment |
[
{
"vendor": "Unknown",
"product": "Essential Real Estate",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "4.4.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| _wpnonce | request body | wp-admin/admin-ajax.php?action=gsf_save_options | AJAX action gsf_save_options lacks proper capability checks, allowing subscriber accounts to trigger actions that can cause a Denial of Service. | CWE-264 |
| _current_preset | request body | wp-admin/admin-ajax.php?action=gsf_save_options | AJAX action gsf_save_options lacks proper capability checks, allowing subscriber accounts to trigger actions that can cause a Denial of Service. | CWE-264 |
| _wpnonce | request body | wp-admin/admin-ajax.php?action=gsf_import_theme_options | AJAX action gsf_import_theme_options lacks proper capability checks, enabling low-privilege users to perform potentially DoS-inducing operations. | CWE-264 |
| action | query param | wp-admin/profile.php?action=delete | /profile.php?action=delete allows denial-of-service-like operations due to missing proper capability checks on the action parameter. | CWE-264 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation